Open Install

Category: Adware and PUAs
Protection available since: 13 Feb 2012 02:10:31 (GMT)
Type: Unspecified PUA
Last Updated: 19 Jul 2014 01:00:49 (GMT)


Open Install is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users' computers by default, but may include an option to 'opt-out' during or after the installation process.

Examples of Open Install include:

Example 1

File Information

Size: 501K
SHA-1: 00035c450f74ce13c971ad8709fb29ca398e9673
MD5: 995fe70211497f25638e325ac4f34031
CRC-32: bdaaa052
File type: Windows executable
First seen: 2013-11-13

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\oi_8Pe0FYqfVP\OIAssistWTD.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\OIC2.tmp
    Size: 985K
    SHA-1: cff81196c76bc3068c0f45e8b02f084f83bfbfad
    MD5: 9146f921621b4d30e6b58394830ff7ad
    CRC-32: bf5180fc
    File type: Windows executable
    First seen: 2013-07-31
Registry Keys Created
  • HKCR\CLSID\{9E78B5FD-E5B4-B9D5-F859-A59DF4E08EEC}
    data: 047faa1d56d14cf98de49951ccb224dc
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline: 0x00000000
HTTP Requests
  • http://c04.inst.avg.com/serve/getProgress.php
  • http://c04.inst.avg.com/serve/getScreen.php
  • http://c04.inst.avg.com/serve/getSetup.php
  • http://c04.inst.avg.com/serve/getTemplate.php
  • http://c12081072.r72.cf2.rackcdn.com/main.min.js
  • http://c12081072.r72.cf2.rackcdn.com/screen_2.min.js
  • http://c12081072.r72.cf2.rackcdn.com/screen_2_4.min.js
  • http://st.cloins.com/
DNS Requests
  • c04.inst.avg.com
  • c12081072.r72.cf2.rackcdn.com
  • st.cloins.com

Example 2

File Information

Size: 237K
SHA-1: 00223231f4cf8081595b4ef81b134e924d7457c5
MD5: 1810e02b25a63dd612538c1a17de4dee
CRC-32: fa331b3c
File type: Windows executable
First seen: 2012-06-21

Runtime Analysis

Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012062220120623
    CacheRepair: 0x00000000
HTTP Requests
  • http://c12081072.r72.cf2.rackcdn.com/main.min.js
  • http://c12081072.r72.cf2.rackcdn.com/screen_2_4.min.js
  • http://d2367f1ev6uh4s.cloudfront.net/Installers/Tucows/images/logo.png
  • http://img0001.s3.amazonaws.com/Offers/AVG%20Toolbar/avgtoolbar.bmp
  • http://inst.avg.com/serve/cb.php
  • http://inst.avg.com/serve/getProgress.php
  • http://inst.avg.com/serve/getScreen.php
  • http://inst.avg.com/serve/getTemplate.php
  • http://stats.inst.avg.com/run
DNS Requests
  • c12081072.r72.cf2.rackcdn.com
  • d2367f1ev6uh4s.cloudfront.net
  • img0001.s3.amazonaws.com
  • inst.avg.com
  • market.oicdn.com
  • st.openinstall.com
  • stats.inst.avg.com

Example 3

File Information

Size: 416K
SHA-1: 0024f74adbaa316bbedd5316e3c75ceec68b06ec
MD5: 9fd9c67021333bb329691f8905950355
CRC-32: e3c3f0e9
File type: Windows executable
First seen: 2013-07-09

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\oi_zzYxdygJvQ\OIAssistWTD.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\OIC2.tmp
Registry Keys Created
  • HKCR\CLSID\{9E78B5FD-E5B4-B9D5-F859-A59DF4E08EEC}
    data: ef2792801bd245a895268eac6aa11caa
DNS Requests
  • config.inst.avg.com
  • st.cloins.com
